I am very new to cordova developing. I am trying to develop one login page in android app, i need to access username and password from database for checking credential. Now i am hosting one web service and just pass the user name and password to that service using ajax request and proceed based on value returned from webservice. I dont know is this the correct procedure?. I am sending user name and password through ajax post, i think its insecure.Can you please suggest the best wasy to access database in cordova? I am using visual studio IDE for developing. I used following code to send username and pwd to webservice.
$.ajax({
url: 'localhost\service\Controller',// hostedd in iis
data: JSON.stringify({ username: 'user1', password: 'pwd' }),
sucess: function (data) {
//perform operation for login success
},
error: function () {
}
})
Thanks
Follow these steps:
If you use external urls, then white listen them: http://cordova.apache.org/docs/en/dev/guide/appdev/whitelist/index.html
Use only https.
Verify the footprint of your cert by using this plugin:
http://plugreg.com/plugin/EddyVerbruggen/SSLCertificateChecker-PhoneGap-Plugin
Don't send the password, send the hash of the password. Use the same algorithm which you use in the backend for creating the hash.
Create a device UUID, save it on the device and send it to the backend and save it the first time, the device called the backend. Use this UUID for logging the device activity.
On every request to the backend, send the device UUID and check it.
Make sure, that you have a way in the backend to stop the activity of a device and user.
In some of my apps, I use the device UUID for individual encryption.
If you want, you can encrypt your whole app by using this plugin:
http://plugreg.com/plugin/EddyVerbruggen/SSLCertificateChecker-PhoneGap-Plugin